This repository has been archived by the owner on Oct 21, 2022. It is now read-only.

SSL Medium and RC4 Ciphers supported #22

Open
sveeke opened this issue Jun 18, 2018 · 1 comment
Labels
bug-infrastructure: Bugs inside SURFnet's infrastructure
risk-moderate: Security issues with a moderate impact
Contributor

sveeke commented Jun 18, 2018

The badgr-dev2.edubadges.nl webserver supports insecure Medium and RC4 ciphers.

@sveeke sveeke added the risk-moderate Security issues with a moderate impact label Jun 18, 2018
@sveeke sveeke added this to the Pilot 2018 milestone Jun 18, 2018
Contributor Author

sveeke commented Jun 18, 2018

threatLevel="Moderate" type="Insecure SSL/TLS Configuration"

The badgr-dev2.edubadges.nl webserver supports insecure Medium DES-CBC3-SHA, RC4-MD5 and RC4-SHA ciphers.

The testssl.sh tool (www.testssl.sh) was used to find the issues.

./testssl.sh badgr-dev2.edubadges.nl

 Triple DES Ciphers (Medium)                   offered
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    offered (NOT ok)

impact:
Using Medium-Grade-Ciphers and RC4 makes it easier to attack connections or decrypt the encrypted traffic.

recommendation:
Disable the use of the insecure Medium DES-CBC3-SHA, RC4-MD5 and RC4-SHA ciphers.

@sveeke sveeke added the bug-infrastructure Bugs inside SURFnet's infrastructure label Jun 18, 2018
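
A regression check for the recommendation above, added here as an example and not part of the original issue or the project's code: it reads testssl.sh text output and fails while either of the two result lines quoted in the report is still "offered". The function name, the exit codes and the "not offered (OK)" wording of the fixed sample are assumptions.

```shell
#!/bin/sh
# Added example: gate on the two testssl.sh result lines quoted in this issue.
# Feed it plain-text output, e.g. ./testssl.sh --color 0 <host> | check_weak_ciphers
# Returns 0 if both categories are reported as not offered,
#         1 if either category is still offered,
#         2 if a watched line is missing (scan failed or format changed).
check_weak_ciphers() {
    awk '
        BEGIN {
            seen["Triple DES Ciphers"] = 0
            seen["Weak 128 Bit ciphers"] = 0
        }
        {
            for (k in seen) {
                if (index($0, k) == 0) continue
                seen[k] = 1
                # "not offered" is the passing state; any other line that
                # contains "offered" is a finding.
                if ($0 ~ /offered/ && $0 !~ /not offered/) {
                    print "FAIL: " k " still offered"
                    bad = 1
                }
            }
        }
        END {
            for (k in seen) if (!seen[k]) { print "MISSING: " k; miss = 1 }
            if (bad) exit 1
            if (miss) exit 2
        }
    '
}

# Constructed sample inputs. The first repeats the two lines from the report;
# the second is the output a fixed server is assumed to produce.
sample_vulnerable=' Triple DES Ciphers (Medium)                   offered
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    offered (NOT ok)'
sample_fixed=' Triple DES Ciphers (Medium)                   not offered (OK)
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)'

printf '%s\n' "$sample_vulnerable" | check_weak_ciphers || echo "vulnerable sample: exit $?"
printf '%s\n' "$sample_fixed" | check_weak_ciphers && echo "fixed sample: ok"
```

Treating a missing line as a failure (exit 2) keeps an aborted or truncated scan from passing the gate silently.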